Pros

Cons

So-so score in our hands-on malware blocking test.

Bottom Line

The labs give Bitdefender Antivirus Plus top marks, and it aces some of our own hands-on tests.
Beyond that, it adds a wealth of security features that almost qualify it as a security suite.
It's a winner.

July 21, 2018

Award-winning antivirus software Bitdefender Antivirus Plus has long boasted a feature set that puts some security suites to shame, and the latest iteration adds further layers of security. Enhancements in this edition include a new user interface, an updated Autopilot that gives recommendations for product use, a network threat scan, an additional layer of ransomware protection, and even a virtual private network, or VPN. Bitdefender Antivirus Plus remains a top choice when it comes to protecting your PC's security.

Some antivirus products, such as Cylance Smart Antivirus and F-Secure, stick strictly with the essential task of an antivirus: removing existing malware infestations and foiling new attacks. Bitdefender, by contrast, packs a huge collection of security-centered features, among them password management, enhanced security for online transactions, multi-layered ransomware protection, and (new with this edition) even a VPN. To be sure you realize how much you're getting, the installer runs a slideshow detailing the features while doing its job.

At $39.99 per year for one license, Bitdefender's pricing is in line with the competition. More than a dozen others go for roughly the same price, among them Kaspersky, Webroot, Trend Micro, and ESET. F-Secure charges $39.99 too, but gives you three licenses for that price. Three Bitdefender licenses will run you $59.99 per year. McAfee AntiVirus Plus also costs $59.99 per year, but sets no limit on the number of Windows, macOS, Android, and iOS devices you can protect.

New User Interface

With the latest release, Bitdefender has a totally new user interface. The main window displays a security dashboard by default, with a left-rail menu that offers detailed access to features. Security recommendations occupy the top half of the rest of the window, with a collection of what the product calls Quick Actions below. By default, these are: start a quick scan, open the VPN, install protection on another device, and turn on Safepay online protection. You can make your own choices from a list of eight possible quick actions, for a total of five visible at any time.

Clicking Protection, Privacy, or Utilities in the left menu brings up detailed pages of features and settings, though some of the features aren't available in the basic antivirus. For example, on the Protection page the Firewall and Antispam items require an upgrade, and everything on the Utilities page requires Bitdefender's top-tier suite, Bitdefender Total Security.

For years now, Bitdefender's Autopilot mode has quietly handled security issues without requiring user intervention. In the current edition, Autopilot evolves into a more active role. The aim is to make sure you get the full benefit of this antivirus' many, many features. For example, during this review it suggested that we turn on the Automatic Profiles feature, which adjusts the configuration depending on what you're doing. For example, the Movie profile suppresses interruptions, and the Battery Mode profile limits background activity. Autopilot might also suggest that you explore the Wallet password manager, or check the privacy of your online accounts.

Glowing Lab Test Scores

We follow four independent labs that put antivirus programs through rigorous testing and regularly report their findings. The simple fact that a product appears in the results shows that the lab feels it's significant enough to test, and that the antivirus company is willing to pay to have its product put through the wringer. Some of the products we review get no test results at all. About a quarter of them, Bitdefender included, participate with all four labs.

Testers at AV-Comparatives run dozens of ongoing tests. Of those, I follow four, among them a performance test, a real-world dynamic protection test, and an evaluation of how thorough a cleanup job each product does. Products that pass a test receive Standard certification; those that excel can take Advanced or Advanced+ certification. Bitdefender managed Advanced+ in all four tests. AV-Comparatives named Bitdefender Product of the Year for 2017.

Researchers at SE Labs locate and capture real-world drive-by-download websites and other dangerous sites. Using a replay system, they expose multiple products to precisely the same attack, rating their effectiveness. Bitdefender earned AAA certification, the best of five certification levels.

MRG-Effitas numbers banks among those who follow its tests, and indeed, one test covers nothing but banking Trojans. Another uses a sample set designed to run the gamut of current and prevalent threat types. Both are rigorous; products that don't achieve a near-perfect score simply fail. Bitdefender passed both tests with the top possible score.

Reports from AV-Test Institute rate antivirus products on how well they handle the basic task of malware protection, how small an effect they have on performance, and how carefully they avoid false positives (flagging valid programs or sites as dangerous). Products can earn six points in each category. Bitdefender took the full six for protection and performance, but only five points in the third category, due to some false positives.

Over the years, we've developed an algorithm for mapping the different lab scores onto a 10-point scale and generating an aggregate score. Bitdefender stands at an impressive 9.8 points, beaten only by Kaspersky Anti-Virus with 9.9. Both products appear in reports from all four labs.

Impressive Malware Protection

Even though the labs heap praise on Bitdefender, we still need our own hands-on experience. Our malware protection test starts when we open the folder containing an eclectic collection of malware samples whose behavior we've analyzed. At this point, Bitdefender displayed a notification, saying "Disinfection in progress…please wait until complete."

This proved to be a long wait—more than five minutes. When the antivirus finished, it offered a link to display just what it accomplished. The real-time on-access protection system eliminated just under 80 percent of the samples on sight. We continued the test by launching those samples that survived the initial massacre.

Bitdefender caught most of the remaining samples at or shortly after launch. In one case, it spent several minutes analyzing a threat that it characterized as a possible PUA, or potentially unwanted application. When it reached a verdict and quarantined the sample, it left behind a boatload of non-executable malware traces. Bitdefender detected 93 percent of the samples, the same as Cylance and F-Secure Anti-Virus. As with Cylance and F-Secure, the missed samples were PUAs, not virulently nasty malware.

Products can earn an overall score of 10 points in this test. Bitdefender would have had 9.3, the same as Cylance and F-Secure, but the many left-behind traces I mentioned dragged it down to 9.2.

This is only the sixth product we've exposed to the current malware collection. Tested with our previous collection, Norton and Webroot SecureAnywhere AntiVirus both achieved 100 percent detection and scored a perfect 10.

Because gathering and analyzing malware takes a significant effort, we use the same sample set for many months. To check how well an antivirus handles the very latest attacks, we use a feed of malware-hosting URLs kindly supplied by MRG-Effitas. Typically these are no more than a day old. We launch each one in turn, discarding any URLs that are already defunct, and record whether the antivirus steered the browser away from the dangerous URL, eliminated the malicious download, or sat on its hands doing nothing.

Bitdefender's Online Threat Protection turned in a phenomenal performance, blocking access to fully 96 percent of the malware-hosting URLs. The regular antivirus component wiped out another three percent at the download phase, for a total of 99 percent protection, the best score among all recent products. Symantec Norton AntiVirus Basic and Trend Micro are close behind, however, with 98 percent and 97 percent protection, respectively.

Phenomenal Phishing Protection

Malware attacks your computer, or your data, to make moolah for its creators. Phishing attacks go straight for the most vulnerable component—the user. If you encounter a fake PayPal site and don't notice that the URL in the address bar isn't right, you could wind up handing your login credentials to the creeps who built the fake. These fraudulent sites don't last long; they quickly get blacklisted and taken down. But the phishers just build new ones.

Any competent coder could put together a system that steers users away from sites on a phishing blacklist, but that's not enough in itself. A really good phishing protection system analyzes pages for signs of fraud, and blocks even those too new to be blacklisted. Some products, such as Norton, distinguish between blacklisted sites and those identified by analysis. Bitdefender's Online Threat Protection tars them all with the same brush, and it proved extremely effective in our testing.

Our antiphishing test methodology is evolving. In the past, we've reported results as the difference between the product's detection rate and that of Norton, as well as comparing with the detection rate for the protection built into Chrome, Firefox, and Internet Explorer. Recently we dropped Norton from the mix, just comparing each product's detection with the browser built-ins. However, using the average of the browser ratings as our metric really skewed things. Check Point ZoneAlarm PRO Antivirus + Firewall picked up a huge score, for the most part because the browsers had a really bad day. We continue to report the browser comparisons—a product that can't beat what's built in is pretty poor—but we're now using each product's actual detection rate as the main metric.

On that basis, Bitdefender wins the field yet again. It detected and foiled 99 percent of the verified phishing sites. ZoneAlarm is still in the running, with 98 percent protection; Trend Micro also blocked 98 percent of the frauds.

Network Threat Prevention

New in this edition, the Network Threat Protection component works alongside Online Threat Protection to detect and fend off attacks on security vulnerabilities in the operating system and popular applications. This sort of protection is more commonly associated with a firewall, but it can stand alone.

Trying to see this feature in action, we bombarded the test system with 30-odd exploits generated by the CORE Impact penetration tool. This collection includes exploits aimed at Windows, Internet Explorer, Microsoft Office, Java, and several Adobe products. Bitdefender flagged 44 percent of the attack pages as dangerous, covering all the categories except Adobe. Note that as the test system is fully patched, none of the exploits had a chance to subvert its security.

Norton is the big winner in this test. Its exploit-specific protection component blocked every single one of the sample attacks. In a few cases, it identified the attacks by their official CVE numbers. Exploit protection isn't a core antivirus component, though, especially if you keep your operating system and applications up to date.

Search Results Markup

You don't even have to visit a site to get protection from Bitdefender's TrafficLight analysis. TrafficLight marks search results as safe or dangerous using the expected green and red icons. But it doesn't stop there.

If you encounter a red warning icon, you can click it for full details. The resulting page breaks down just why the site was flagged, identifying more than a dozen varieties of dangerous and fraudulent sites. Phishing and malware are at the top of the list, naturally. Among the other fraud types flagged by TrafficLight are piracy sites, employment scams, and click-fraud sites.

In testing, we found that this feature didn't work in Chrome. Our Bitdefender contact explained that the product doesn't yet support the experimental QUIC protocol, and offered instructions to disable QUIC at the chrome://flags page.

Multi-Layered Ransomware Protection

No antivirus is perfect. They'll all occasionally miss a brand-new attack. Oh, sure, within a few days most will broadcast an update that cleans things up, but in case of a ransomware attack, it's too late to save your files. Bitdefender has been on the cutting edge of ransomware protection, and the latest edition adds more layers.

Ransomware works by encrypting important files and demanding that you pay for the decryption key. It typically looks in folders such as Documents, Pictures, and Videos. Bitdefender's Safe Files feature simply prevents all unauthorized modification of files in these locations, for all users. If you have an unusual folder scheme, you can add other protected folders. On detecting an unknown program attempting to modify a protected file, Safe Files suspends the program and asks whether to allow the change. If you've just installed a new image editor, you can simply mark it as trusted. But if the warning comes as a surprise, let Safe Files keep the program away from your files.

New in the current edition is Ransomware Remediation. At the first hint of a possible ransomware attack, it backs up important files, restoring them after Bitdefender neutralizes the attack. This feature comes disabled out of the box. My company contact tells me that once it's been around for a while, they'll change the default to enabled. I turned it on for testing purposes.

We've tested Safe Files before, but we repeated the test just to be thorough. When we tried editing text files in the Documents folder with a hand-coded (and hence unknown to Bitdefender) text editor, it caught the attempt and offered to stop it. It also caught a simple-minded fake ransomware program, even when that program launched at boot time.

The Bitdefender Shield real-time protection components wiped out all our actual ransomware samples on sight. To even get a glimpse of the other protective layers, we had to turn off Shield. These samples are already present on the test system, so the network layer didn't get a chance to act. Some of the samples triggered Safe Files, followed by Advanced Threat Defense. Advanced Threat Defense alone caught others. We never did manage to trigger Ransomware Remediation, but then, that layer is the last resort.

Bitdefender blocked all our file-encryptor ransomware samples even with real-time protection turned off, and indeed, these are by far the most common type. There is, however, another type of ransomware that encrypts the whole disk. We only have one sample of this type, the notorious Petya ransomware. Sad to say, Bitdefender whiffed against Petya. The attack ran to completion, rendering the virtual machine test system unusable until we reverted it to a clean snapshot. To be fair, this could only happen because we disabled the real-time antivirus.

We also tried running KnowBe4's RanSim ransomware simulator. Safe Files blocked its access repeatedly, but this activity interfered with the simulation, to the point that it just didn't work. In a real ransomware situation, I wouldn't complain about protection that renders ransomware ineffective.

Ransomware protection is showing up in more and more antivirus products, but most don't go as far as Bitdefender. Trend Micro Antivirus+ Security is among the few others with a multi-layer approach. It blocks unauthorized changes to protected files, detects ransomware behavior, and restores any files that got encrypted before the behavior-based detection kicked in. Webroot uses behavior-based detection, and its journal-and-rollback system for handling behavior of unknown files can even reverse the effects of ransomware.

A Wallet for Your Passwords

Password management is a feature more commonly found in security suites than in standalone antivirus products (though Avast includes password management even in Avast Free Antivirus). Bitdefender's Wallet feature stores passwords, personal information, and credit card details for use on websites, and also saves passwords for applications and Wi-Fi networks.

Wallet has changed very little since Bitdefender's previous edition. It still requires a strong master password, separate from your Bitdefender Central password (be wary of its strength rating; it calls "Password1!" a strong password). It still allows creation of multiple wallets (password databases), and lets you choose whether to sync between devices or keep passwords local-only. And it still automatically captures login credentials as you type them and replays them as needed.

In testing, it managed standard password entry forms but couldn't handle some two-page login systems. Wallet doesn't store as much personal data for web forms as some dedicated password managers, but it correctly filled all the fields that it does store.

When you're signing up for a new account, you can use Wallet's password generator, which defaults to creating 15-character passwords made of letters and numbers. That's a good default length, but I advise enabling the use of special characters, for even stronger passwords.

Wallet completely handles the basics of password management, but doesn't go much beyond that. If you want high-end features like automatic password changing, two-factor authentication, secure sharing of credentials, or handling of password inheritance, you should consider a standalone password manager utility.

Safepay for Online Safety

Online security is important even when you're just watching cat videos or fainting goats, but it's absolutely critical any time you log in to a financial website. Bitdefender's Safepay automatically kicks in when it detects that you're about to connect with a banking site or other sensitive site, offering a secure connection. You can tell it to always use Safepay on the site in question, or never use it for a particular page. Kaspersky's Bank Mode works in much the same way, though it doesn't open a separate desktop.

Safepay is a desktop all its own, with a hardened browser built in. Processes running in the Safepay desktop have no connection with the regular desktop. The Safepay browser supports Wallet, naturally, and you can install Flash if required, but supports no other extensions.

The Safepay browser's process isolation should protect against any software keylogger or other keystroke-stealing spyware. Going beyond that, a virtual keyboard serves to defeat even hardware keyloggers. It also prevents programs from snapping screenshots to capture sensitive information.

We tested Safepay by trying to log into a dozen financial sites, some big, some small. Surprisingly, Bitdefender did not offer Safepay for bankofamerica.com or americanexpress.com. It also refused to open wellsfargo.com, citing an untrusted certificate. Our company contacts explained that certain sites have exhibited compatibility problems in the past, so they don't push users to Safepay on those sites. You're still free to open the Safepay browser and navigate to the site directly.

Bitdefender VPN

Bitdefender's many layers of antivirus, web, and network protection keep your devices and their data safe. However, when you connect to the internet your data in transit is potentially at risk. To ensure privacy for your data, you need a VPN (virtual private network). When you connect using a VPN, nobody, not even the owner of the shady Wi-Fi network you're using, can access your network traffic.

Bitdefender VPN isn't available as a standalone product. Even the feature-complete Premium edition requires that you're already running a Bitdefender antivirus or security suite. This VPN is a re-branded version of the AnchorFree Hotspot Shield Elite VPN service. Bitdefender uses AnchorFree's servers and services, but your information is secure with Bitdefender. AnchorFree cannot see your online activities and only receives a Bitdefender identifier.

The VPN service will work out of the box, but only in a limited mode until you pay for a Premium subscription. The free version of Bitdefender's VPN restricts your use to 200MB per day. That's more generous than TunnelBear VPN's free version, which offers only 500MB per month. The free version also limits which VPN servers you can access. When we tested the free version, it connected to a server in Utah. We also found that the VPN said we had used up our data allotment only moments after switching on the VPN for the first time. That's a bit troubling.

If you decide to upgrade to the Premium edition of the Bitdefender VPN, you get access to all available VPN servers, with no data cap. An annual subscription costs $49.99 per year, currently discounted to $39.99, or you can pay $6.99 per month. That's a remarkably low monthly cost, comparable to very affordable Private Internet Access VPN, which costs $6.95 per month. It's also notably less expensive than Hotspot Shield itself, which costs $12.99 per month.

For $6.99, you can use the Bitdefender VPN on five devices simultaneously, which is the industry average. You can upgrade that to 10 simultaneous connections by upgrading your protection to a 10-license subscription for Bitdefender Total Security. Doing so doesn't change the price of the Premium VPN.

The Bitdefender VPN is very simple: a slender grey rectangle with a large, blue button to connect the VPN. You change the VPN server from the pull-down menu, although you can only select the country to which you will connect. Other services, like NordVPN, will let you select the specific server in a given country, and even tell you what kind of load that server is experiencing. Bitdefender is more of a set-it-and-forget-it affair. That said, it has only a few options: configuring the VPN to connect automatically on unsafe (read: unsecured) Wi-Fi networks and having it connect automatically on startup.

Other VPN services, like TorGuard VPN, have a host of add-on options, like dedicated IP address and access to a 10GB network. NordVPN and ProtonVPN let you connect to the Tor anonymization network through their clients. Several VPN services also offer servers designed for specific activities, like P2P file sharing or Netflix streaming. The Bitdefender VPN doesn't have these, although it allows file sharing on the networks used by the Bitdefender VPN.

On the subject of Netflix, we found that we could not connect to the popular video streaming service while the Bitdefender VPN was active. That's not surprising, since we couldn't access it when using Hotspot Shield, either. Netflix is very active about blocking VPNs, but VPNs are active in trying to keep their customers streaming happily. It's a bit of a cat-and-mouse game. When we last tested the services, NordVPN, TunnelBear, CyberGhost VPN, KeepSolid VPN Unlimited, and TorGuard VPN were the top-rated services that successfully worked with Netflix.

None of the documentation we found on the Bitdefender VPN outlined how many servers are available, but we've been told it's the same as those available with the first-party Hotspot Shield client. Hotspot Shield has 2,500 servers in 25 countries. That's a strong showing, beating out much of the VPN small fry. It's just shy of the heavy hitters, which have 3,000 servers or more. These include NordVPN, Private Internet Access, and TorGuard VPN. Note that if you use the free version, 20 percent of the servers are virtual servers. The paid version uses only dedicated, physical servers.

A large number of servers is useful, since it means fewer people will be allocated per server. Fewer people in a server generally means better performance, as you won't have to share as many slices of the bandwidth pie.

Server locations also matter, partly because more locations means more options for spoofing your own location, but mostly because a closer server will usually yield better speed and will definitely have lower latency. NordVPN, for example, is available in 59 countries, and TorGuard covers 55 countries.

You won't find an option to change the protocol used by the Bitdefender VPN client to create its encrypted tunnel. That's because Hotspot Shield only uses its custom Hydra protocol, which the company says opens multiple simultaneous connections for better speeds and reliability. It uses established crypto libraries, however, so it should be trustworthy as far as security goes. Generally, we prefer the OpenVPN protocol, which has the advantage of being open-source and picked over for potential vulnerabilities.

To get a sense of how a VPN affects speed and latency, we at PCMag run a series of tests using Ookla's internet speed test tool to find a percent change between when the VPN is active and when it is not. (Note that Ookla is owned by Ziff Davis, which also owns PCMag.) Do read about how we test VPNs if you're curious about what all goes into this process. The short version is that this is a snapshot for comparison purposes, and not meant to be the final word on performance for a given service. Your mileage may vary.

A careful reader will notice that the results from the Bitdefender VPN and the Hotspot Shield client are markedly different. Both tests used the same computer (a Lenovo ThinkPad T460s laptop running Windows 10) and the same network configuration. It's possible that network conditions were just very unfavorable during our initial Hotspot Shield testing. As we understand, Bitdefender clients do not receive preferential treatment on Hotspot servers. We used the Premium VPN, because our tests require the ability to select specific server locations.

In the first round of tests, we let the VPN choose the best server. The client wisely chose a server in New York. We found that the Bitdefender VPN had little impact on latency, increasing it by just 35.7 percent. That's in stark contrast to the first-party Hotspot Shield client, which increased latency by 3,145 percent. The best score in these tests, however, goes to TorGuard, which decreased latency by 6.7 percent.

We consider the download test to be the most important, and the Bitdefender VPN performed quite well. It reduced download speeds by only 6.2 percent. Again, that's significantly better than Hotspot Shield, which slowed downloads by 73.5 percent. TorGuard, again, has the best score in this test. It lowered download speeds by only 3.7 percent.

In the upload speed tests, the Bitdefender VPN was in with the rest of the pack. It reduced upload speeds by just 3.7 percent, which is nipping at the heels of the best performer in this category. That honor goes to IPVanish VPN, which reduced upload speeds by 2.9 percent. The Hotspot Shield client, however, reduced upload speeds by 58.6 percent.

In the second round, we test the VPN's ability to function over great distances. To do that, we use an Ookla test server in Anchorage, Alaska, and a VPN server in Australia. The Bitdefender VPN increased latency by 310.1 percent, which is about average for this test and understandable given the distances involved. Hotspot Shield, however, increased latency by over 400 percent when we tested it. TunnelBear had the best results in this test, increasing latency by only 270.3 percent.

In the international download tests, we found that the Bitdefender VPN reduced download speeds by 71.9 percent. In an unusual reversal, that's a significantly larger impact than when we tested AnchorFree Hotspot Shield. That service has the best score in these tests, reducing download speeds by 39.9 percent.

The international upload tests are always a bit odd, as the speeds of every service tend to cluster in the high 90s. Bitdefender was no different; it reduced upload speeds by 98.1 percent. Hotspot Shield reduced upload speeds by 98.4 percent, and the best score came from Private Internet Access, which reduced upload speeds by 97.3 percent.

We zinged Hotspot Shield for its high price, and for some troubling privacy policies. Bitdefender VPN costs significantly less, on par with the least expensive competition, and it solves the privacy problem by strictly limiting what information it passes to the Hotspot Shield servers.

Even More Features

The list of features packed into this antivirus just goes on and on. We've mentioned keeping your operating system and applications up to date with all security patches. The vulnerability scan feature automatically runs in the background and warns you about missing patches. It also flags weak Windows account passwords, and warns when you're connected to an insecure Wi-Fi network, advising you connect through the VPN. We did hit an oddity in testing. Windows Update itself reports the test system up to date, but the Vulnerability scan reported 142 "Critical Windows Updates." After we let it install those updates, a subsequent scan showed even more pending. Our Bitdefender contact confirmed that this is a bug, with a fix due soon.

One great way to protect your most sensitive documents is to encrypt them. After encryption, it's essential to securely delete the unsecured original, to avoid even forensic recovery. You need a Bitdefender suite to get file encryption, but the secure deletion File Shredder is present even in the antivirus. Use it when you really need to eliminate a sensitive file so that nobody, not even the NSA, can recover it.

Sometimes you run into malware so ornery and persistent that even Bitdefender can't remove it. The typical solution in a case like this is to burn a bootable rescue disc, one that runs a non-Windows operating system. Bitdefender does better with its Rescue Mode. You don't have to burn a disc; you just select Rescue Mode and reboot. Windows malware can't defend itself when Windows isn't running.

A Top Choice for Security

Bitdefender Antivirus Plus offers excellent malware protection, as shown by its excellent scores from many independent testing labs. Our own tests show it to be especially effective against web-based threats, including malware-hosting sites and phishing pages. On top of that, it piles on enough features that it could almost qualify as a security suite, and the current edition adds still more security-specific features. It's truly an excellent choice, and an Editors' Choice.

In the packed field of antivirus utilities, we've named several other Editors' Choice products. The labs love Kaspersky Anti-Virus just as much as they do Bitdefender. McAfee AntiVirus Plus doesn't score as high, but it offers unlimited protection for your Windows, macOS, Android, and iOS devices. While not quite as feature-rich as Bitdefender, Symantec Norton AntiVirus Basic goes significantly beyond basic antivirus protection; it's especially effective against exploit attacks. And tiny Webroot SecureAnywhere AntiVirus uses a journal-and-rollback system that should undo the effects of any malware that gets past its initial detection, even ransomware.

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips and solutions on using DOS and Windows, his technical columns clarified fine points in programming and operating systems, and his utility articles (over forty of …